The Legal Implications of Datacenter Location (Guest Blog Post)
by guest blogger Marketa Trimble
The location of a datacenter matters—the location of third-party datacenters affects companies’ (datacenter customers’) decisions whether to use the datacenters for colocation or other services. Part of any assessment of the suitability of a datacenter location should be the legal implications that may arise from locating servers in a particular jurisdiction, including the possibility that local courts could extend their jurisdiction over the datacenter’s customers and become a venue for litigation against the customers. Notwithstanding a 2020 decision by the U.S. Court of Appeals for the Federal Circuit, at least one magistrate judge on the famously entrepreneurial and transfer-averse U.S. District Court for the Eastern District of Texas thinks that using a third-party datacenter in the Eastern District of Texas can make the court the proper venue for patent litigation in some circumstances.
* * *
There are many reasons why datacenters are where they are. Datacenter service providers (ISPs) select locations for datacenters based on myriad factors, including desirable climate, stable access to an electric grid, solid connectivity, favorable geological environment, minimal likelihood of natural disasters, safety and security, and the availability of clean energy. These characteristics also tend to be important for an ISP’s customers, who select datacenters with the central goal of optimizing their own services, including reducing network latency.
The legal environment of a datacenter location is significant; it affects real estate transactions, tax conditions, employment issues, access to energy, emergency protocols, and contractual relations. For the ISP’s customers, the choice of datacenter location is sometimes driven by data localization requirements that some jurisdictions have adopted to force companies to store particular data in a jurisdiction’s territory. These requirements are not created solely for censorship or other malign purposes; for example, some jurisdictions require that online gambling data or personal data of their residents be stored in the jurisdictions’ territory for data and consumer protection and law enforcement purposes. Some free trade agreements—the CPTPP and the USMCA—include provisions aimed at curtailing data localization requirements.
ISPs should not want a court in their datacenter location to extend its jurisdiction over any of their customers merely because the customers use an ISP’s datacenter. To date, U.S. courts have been skeptical of using the place of a defendant’s server as the basis for personal jurisdiction; courts have found jurisdiction based on the place of a server, for example, when the server itself was the location of the tortious conduct or its effects, such as the location of the misappropriation of trade secrets that were stored on the server (MacDermid, Inc. v. Deiter), or the location of the unauthorized use of the server that resulted in damages (Intercon, Inc. v. Bell Atlantic Internet Solutions, Inc.). In both cases it was the location of the plaintiff’s—not the defendant’s—server that mattered (and also the fact that the defendants knew where the servers were located).
Attempts to base personal jurisdiction solely on the location of third-party servers have not been successful. The use of a third-party content delivery network (“CDN”), such as Cloudflare, could be a contributing factor in a personal jurisdictional inquiry, but the use of CDNs will unlikely suffice as the only factor for the “expressly aimed” prong of the inquiry, particularly if a CDN provides global services.
Patent venue rules (28 U.S.C. 1400(b)) are different from rules of personal jurisdiction, and in 2018 and 2019, Judge Rodney Gilstrap of the U.S. District Court for the Eastern District of Texas found that venue was proper in the district in Super Interconnect Techs. LLC v. Google LLC based on the defendant’s—Google LLC’s—servers being located in the district, even though Google did not own the particular datacenters where the servers were located. The U.S. Court of Appeals for the Federal Circuit in 2018 denied Google’s first mandamus petition, but on Google’s second attempt the Federal Circuit Court held in 2020 that mandamus was warranted and venue was not proper.
The key question for the application of the patent venue rule in In re Google was whether the location of Google’s servers, combined with the other facts in the case, justified a holding that Google had a “regular and established place of business” in the Eastern District of Texas. Google’s ISPs were obligated under their contract with Google to provide “‘[r]emote assistance services,’ which ‘involve[d] basic maintenance activities’ … if requested by Google.” Google employees did not install, maintain, or physically access the servers located in the datacenters. The Federal Circuit Court held that the datacenter locations were not “places of business” because “a ‘place of business’ generally requires an employee or agent of the defendant to be conducting business at that place,” and Google had no employees at the locations and the ISPs did not act as Google’s agents. (Judge Wallach’s concurring opinion is of note because of his suggestion that Google’s end users might be considered to be acting as Google’s agents.)
Nevertheless, the Federal Circuit Court’s order in In re Google might not have foreclosed the possibility of the Eastern District of Texas finding that venue is proper in other cases involving third-party datacenters. On September 27, 2021, magistrate judge Roy Payne recommended in CA, Inc. v. Netflix, Inc. that the court find venue proper in the Eastern District of Texas based on the location of third-party datacenters because the ISPs’ services resulted in the ISPs acting as Netflix’s agents. The servers in the Netflix case were part of Netflix’s Open Connect CDN program through which Netflix achieves its goal of “provid[ing its] millions of Netflix subscribers the highest-quality viewing experience possible … by partnering with Internet Service Providers (ISPs) to deliver [its] content more efficiently.” The program is pitched to ISPs as a program they should be involved in, and Netflix transfers the title to its servers to the ISPs. However, the magistrate judge found that the ISPs’ involvement in Netflix’s operation went beyond the “basic maintenance activities” that were found insufficient to establish an agency relationship in Google.
Netflix might have hoped that, by transferring title to the Open Connect hardware, it would sufficiently distance itself from its ISPs’ locations. However, in distancing itself from the hardware ownership, it created ties with its ISPs that would play a role in patent venue considerations. If the district court adopts the magistrate judge’s recommendation and the decision survives a challenge in the Federal Circuit Court, a new line of cases might appear that would affect the legal environment in which datacenters operate and the business models that they and their customers would want to pursue.